Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A computer-implemented method for performing authentication, comprising: determining, by a database server storing data in a blockchain ledger, a target ledger segment on which time service authentication is to be performed; generating a Merkle tree corresponding to the target ledger segment, the Merkle tree being based on a set of one or more data blocks in the target ledger segment; determining a root hash of the Merkle tree, the root hash of the Merkle tree being based on a block hash of each data block in the set of one or more data blocks; executing a predetermined time capture process in a trusted execution environment to obtain a trusted time from an interface provided by a trusted time service organization; generating a digital signature for the trusted time and the root hash in the trusted execution environment; generating a time service certificate comprising the trusted time, the root hash, and the digital signature; and generating a new data block in the blockchain ledger, comprising: receiving one or more data records, and determining a hash value of each data record, determining that a predetermined block forming condition is satisfied, determining that a sequence number of the new data block in the blockchain ledger is greater than 1, and generating the new data block in the blockchain ledger, the new data block comprising a hash value of the new data block, a block height of the new data block, the one or more data records, and a block forming time, wherein the hash value of the new data block is determined based on the hash values of the one or more data records and a hash value of an adjacent previous block in the blockchain ledger, and wherein the block height of the new data block is greater than respective block heights of previous data blocks in the blockchain ledger.
This invention relates to a computer-implemented method for performing authentication in blockchain systems. The method addresses the challenge of ensuring the integrity and authenticity of data stored in a blockchain ledger by leveraging time-based verification and cryptographic techniques. The system involves a database server that stores data in a blockchain ledger and performs authentication on a selected segment of the ledger. A Merkle tree is generated for the target segment, where the tree is constructed from the hash values of data blocks within that segment. The root hash of this Merkle tree is then computed, serving as a compact representation of the segment's data integrity. To ensure the authenticity of the timestamp, the method executes a time capture process within a trusted execution environment (TEE), which interacts with a trusted time service organization to obtain a verified timestamp. The system then generates a digital signature for both the trusted time and the Merkle root hash within the TEE, ensuring the integrity and non-repudiation of the timestamped data. A time service certificate is created, containing the trusted time, the Merkle root hash, and the digital signature, which can be used for subsequent verification. Additionally, the method includes generating a new data block in the blockchain ledger. This involves receiving data records, computing their hash values, and checking if a predetermined block formation condition is met. If the new block's sequence number is greater than 1, the block is generated with its hash value derived from the data records and the previous block's hash. The block height is incremented to reflect its position in the ledger, ensuring chronological ordering. This approach enhances the security and reliability
2. The computer-implemented method of claim 1 , wherein the predetermined block forming condition comprises: a quantity of to-be-stored data records reaches a quantity threshold; or a time interval since the forming of the adjacent previous block reaches a time threshold.
This invention relates to data storage systems, specifically methods for organizing data records into blocks based on predefined conditions. The problem addressed is the need for efficient and timely data block formation to optimize storage performance and resource utilization. The method involves monitoring data records awaiting storage and forming a new block when either of two conditions is met. The first condition is when the number of pending data records reaches a specified quantity threshold, ensuring blocks are formed at regular intervals based on data volume. The second condition is when a predefined time interval since the last block formation has elapsed, guaranteeing periodic block creation regardless of data volume. This dual-condition approach balances storage efficiency with timely data processing, preventing excessive delays or resource waste. The method applies to systems where data is grouped into blocks for storage, such as databases, file systems, or distributed ledgers, improving reliability and performance by ensuring consistent block formation.
3. The computer-implemented method of claim 1 , wherein determining the target ledger segment comprises: determining a new data block of the blockchain ledger as the target ledger segment; or determining, based on a starting block height and a block quantity comprised in an instruction of a user, the target ledger segment.
This invention relates to blockchain ledger management, specifically methods for identifying target segments within a blockchain ledger for data processing or analysis. The problem addressed is efficiently locating specific portions of a blockchain ledger to perform operations such as data extraction, validation, or updates, which is challenging due to the decentralized and immutable nature of blockchain data. The method involves determining a target ledger segment within a blockchain ledger. This is done in two ways. First, the method can identify a new data block of the blockchain ledger as the target segment, which is useful for real-time processing of the latest transactions or updates. Second, the method can determine the target segment based on a user-provided instruction that includes a starting block height and a block quantity. This allows users to specify a range of blocks (e.g., from block 1000 to block 1010) for targeted analysis or retrieval. The method ensures precise and flexible access to blockchain data, supporting various applications such as auditing, compliance, or smart contract execution. The approach optimizes performance by reducing unnecessary data traversal and enabling efficient querying of blockchain records.
4. The computer-implemented method of claim 1 , wherein determining the target ledger segment comprises: selecting, as the target ledger segment, a newly generated ledger segment that satisfies a predetermined time service condition, wherein the predetermined time service condition comprises: a quantity of newly generated data blocks in the newly generated ledger segment reaches a quantity threshold, or a time interval since a previous time service authentication reaches a time threshold.
This invention relates to distributed ledger technology, specifically methods for selecting a target ledger segment for time service authentication in a blockchain or similar decentralized system. The problem addressed is ensuring accurate and timely verification of time-based events in distributed ledgers, where consensus mechanisms may not inherently provide precise time validation. The method involves determining a target ledger segment for time service authentication by selecting a newly generated ledger segment that meets specific time service conditions. These conditions include either the accumulation of a predetermined number of new data blocks within the segment (reaching a quantity threshold) or the passage of a predefined time interval since the last time service authentication (reaching a time threshold). This ensures that time-sensitive operations, such as timestamping transactions or validating event sequences, are performed reliably and consistently across the distributed network. The approach helps maintain the integrity and trustworthiness of time-dependent processes in decentralized systems by enforcing structured intervals for time verification.
5. The computer-implemented method of claim 1 , wherein the trusted execution environment comprises INTEL SGX, AMD SEV, or ARM TrustZone.
This invention relates to secure computing environments, specifically methods for enhancing the security of data processing in trusted execution environments (TEEs). The problem addressed is the vulnerability of sensitive data and computations to unauthorized access, even within secure hardware environments. Traditional TEEs, while providing isolation, may still be susceptible to side-channel attacks or improper configuration, leading to potential breaches of confidentiality and integrity. The method involves utilizing specific hardware-based TEEs, such as INTEL SGX, AMD SEV, or ARM TrustZone, to execute sensitive operations. These TEEs provide hardware-enforced isolation, ensuring that even privileged software or malicious actors cannot access the data or computations within the secure enclave. The method further includes steps to initialize the TEE, load encrypted or protected code and data into the secure environment, and execute the operations within the isolated space. Additional security measures may include attestation mechanisms to verify the integrity and authenticity of the TEE before execution. By leveraging these hardware-backed TEEs, the invention ensures that sensitive operations remain protected from unauthorized access, side-channel attacks, and other security threats. The use of well-established TEEs like INTEL SGX, AMD SEV, or ARM TrustZone provides a robust foundation for secure computing, suitable for applications in cloud computing, financial transactions, and other high-security environments. The method may also include dynamic configuration of the TEE based on the security requirements of the workload, further enhancing adaptability and protection.
6. The computer-implemented method of claim 1 , further comprising: writing the root hash, the trusted time, and the digital signature into a specified data block in the target ledger segment.
This invention relates to a computer-implemented method for securely recording data in a distributed ledger system, addressing the need for tamper-proof verification of data integrity and timestamping. The method involves generating a root hash of a set of data blocks, obtaining a trusted time value from a secure time source, and creating a digital signature for the root hash using a private key. The method then writes the root hash, trusted time, and digital signature into a specified data block within a target ledger segment. This ensures that the data in the ledger segment is cryptographically verifiable and time-stamped, preventing unauthorized modifications. The method may also include generating the root hash by applying a cryptographic hash function to the data blocks, ensuring that any alteration to the data would result in a different hash value. The trusted time value is obtained from a trusted time source, such as a time-stamping authority, to provide an immutable record of when the data was recorded. The digital signature is generated using a private key associated with the ledger system, allowing any party with access to the corresponding public key to verify the authenticity of the recorded data. This method enhances the security and reliability of distributed ledger systems by providing a mechanism for verifying the integrity and timestamp of recorded data.
7. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising: determining, by a database server storing data in a blockchain ledger, a target ledger segment on which time service authentication is to be performed; generating a Merkle tree corresponding to the target ledger segment, the Merkle tree being based on a set of one or more data blocks in the target ledger segment; determining a root hash of the Merkle tree, the root hash of the Merkle tree being based on a block hash of each data block in the set of one or more data blocks; executing a predetermined time capture process in a trusted execution environment to obtain a trusted time from an interface provided by a trusted time service organization; generating a digital signature for the trusted time and the root hash in the trusted execution environment; generating a time service certificate comprising the trusted time, the root hash, and the digital signature; and generating a new data block in the blockchain ledger, comprising: receiving one or more data records, and determining a hash value of each data record, determining that a predetermined block forming condition is satisfied, determining that a sequence number of the new data block in the blockchain ledger is greater than 1, and generating the new data block in the blockchain ledger, the new data block comprising a hash value of the new data block, a block height of the new data block, the one or more data records, and a block forming time, wherein the hash value of the new data block is determined based on the hash values of the one or more data records and a hash value of an adjacent previous block in the blockchain ledger, and wherein the block height of the new data block is greater than respective block heights of previous data blocks in the blockchain ledger.
This invention relates to blockchain-based systems for time service authentication. The problem addressed is ensuring the integrity and verifiability of time-stamped data in a blockchain ledger, particularly in environments where trust in the time source is critical. The solution involves a database server that manages a blockchain ledger and performs time service authentication on a target ledger segment. A Merkle tree is generated for the target segment, with its root hash derived from the block hashes of the segment's data blocks. A trusted execution environment (TEE) captures a trusted time from a certified time service organization, then digitally signs both the trusted time and the Merkle root hash. This creates a time service certificate containing the trusted time, root hash, and digital signature. The system then generates a new data block in the blockchain, incorporating the certificate and other data records. The new block's hash is computed from the hashes of its records and the previous block, ensuring cryptographic linkage. The block height is incremented to reflect its position in the ledger. This process ensures that the time-stamped data in the blockchain is verifiable and resistant to tampering, leveraging both cryptographic proofs and trusted time sources.
8. The computer-readable medium of claim 7 , wherein the predetermined block forming condition comprises: a quantity of to-be-stored data records reaches a quantity threshold; or a time interval since the forming of the adjacent previous block reaches a time threshold.
A system and method for managing data storage in a blockchain or distributed ledger environment addresses the challenge of efficiently organizing and storing data records while maintaining integrity and performance. The invention involves forming data blocks under specific conditions to ensure optimal storage and retrieval. The predetermined block forming conditions include either reaching a quantity threshold of to-be-stored data records or exceeding a time threshold since the formation of the adjacent previous block. When either condition is met, a new block is created, encapsulating the accumulated data records. This approach ensures that data is stored in a structured manner, balancing between timely block formation and efficient resource utilization. The system dynamically adjusts block formation based on real-time data volume and time intervals, enhancing scalability and reliability in distributed ledger systems. The method also ensures that data integrity is maintained by linking each new block to its predecessor, forming a secure and tamper-resistant chain of records. This solution is particularly useful in applications requiring high data throughput and consistent performance, such as financial transactions, supply chain tracking, and decentralized applications.
9. The computer-readable medium of claim 7 , wherein determining the target ledger segment comprises: determining a new data block of the blockchain ledger as the target ledger segment; or determining, based on a starting block height and a block quantity comprised in an instruction of a user, the target ledger segment.
This invention relates to blockchain ledger management, specifically methods for identifying and processing target segments within a blockchain ledger. The problem addressed is efficiently locating and handling specific portions of a blockchain ledger for data retrieval, validation, or other operations, particularly in large or distributed ledger systems where direct access to arbitrary segments is computationally expensive or impractical. The invention provides a system for determining a target ledger segment within a blockchain ledger. The process involves either selecting a newly generated data block as the target segment or identifying a segment based on user-specified parameters. In the latter case, the system uses a starting block height and a block quantity provided in a user instruction to define the target segment. This allows precise targeting of ledger portions without requiring full ledger traversal, improving efficiency in blockchain operations such as auditing, verification, or data extraction. The method supports dynamic segment selection, enabling adaptability to different use cases and user requirements. The invention is particularly useful in environments where blockchain ledgers are large, distributed, or frequently updated, as it minimizes computational overhead while ensuring accurate segment identification.
10. The computer-readable medium of claim 7 , wherein determining the target ledger segment comprises: selecting, as the target ledger segment, a newly generated ledger segment that satisfies a predetermined time service condition, wherein the predetermined time service condition comprises: a quantity of newly generated data blocks in the newly generated ledger segment reaches a quantity threshold, or a time interval since a previous time service authentication reaches a time threshold.
This invention relates to distributed ledger technology, specifically optimizing ledger segment selection for time-based authentication. The problem addressed is ensuring efficient and secure ledger segment management in decentralized systems where data blocks are continuously generated. The solution involves selecting a newly generated ledger segment as a target for time service authentication based on predefined conditions. These conditions include either the accumulation of a threshold number of new data blocks within the segment or the expiration of a predefined time interval since the last authentication. This approach ensures that ledger segments are authenticated at regular intervals or when sufficient new data is available, balancing performance and security. The method dynamically adjusts to varying data generation rates, preventing unnecessary authentication delays while maintaining system integrity. The invention is particularly useful in blockchain and distributed ledger systems where timely verification of ledger segments is critical for consensus and data consistency.
11. The computer-readable medium of claim 7 , wherein the trusted execution environment comprises INTEL SGX, AMD SEV, or ARM TrustZone.
A system and method for secure data processing in computing environments involves the use of a trusted execution environment (TEE) to protect sensitive operations from unauthorized access. The TEE is implemented using hardware-based security technologies such as INTEL SGX, AMD SEV, or ARM TrustZone, which provide isolated execution spaces to ensure data confidentiality and integrity. These environments prevent external software, including potentially malicious processes, from accessing or tampering with the data being processed within the TEE. The system is designed to address security vulnerabilities in traditional computing environments where sensitive data may be exposed to unauthorized access or manipulation. By leveraging hardware-based security features, the system ensures that only authorized code and processes can interact with the protected data, thereby enhancing overall system security. The TEE is configured to execute specific operations, such as cryptographic functions or secure data processing tasks, while maintaining isolation from the rest of the system. This approach is particularly useful in applications requiring high levels of security, such as financial transactions, healthcare data processing, or secure communications. The use of established hardware security technologies ensures compatibility with existing computing platforms while providing robust protection against various types of attacks.
12. The computer-readable medium of claim 7 , wherein the operations further comprise: writing the root hash, the trusted time, and the digital signature into a specified data block in the target ledger segment.
A system and method for securely recording data in a distributed ledger involves generating a root hash of a data set, obtaining a trusted time value, and creating a digital signature for the root hash and trusted time. The system then writes the root hash, trusted time, and digital signature into a specified data block within a target ledger segment. This process ensures the integrity and authenticity of the recorded data by linking it to a verifiable timestamp and cryptographic proof. The target ledger segment may be part of a larger distributed ledger system, where multiple nodes maintain copies of the ledger to prevent tampering. The digital signature is generated using a private key associated with an entity responsible for the data, allowing others to verify the signature using the corresponding public key. The trusted time value is obtained from a reliable time source to ensure accurate and tamper-resistant timestamps. This approach is useful in applications requiring audit trails, such as financial transactions, supply chain tracking, or regulatory compliance, where data integrity and provenance are critical. The system may also include additional operations for validating the digital signature and verifying the consistency of the ledger segment before writing the data.
13. A computer-implemented system, comprising: one or more computers; and one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform one or more operations comprising: determining, by a database server storing data in a blockchain ledger, a target ledger segment on which time service authentication is to be performed, generating a Merkle tree corresponding to the target ledger segment, the Merkle tree being based on a set of one or more data blocks in the target ledger segment, determining a root hash of the Merkle tree, the root hash of the Merkle tree being based on a block hash of each data block in the set of one or more data blocks, executing a predetermined time capture process in a trusted execution environment to obtain a trusted time from an interface provided by a trusted time service organization; generating a digital signature for the trusted time and the root hash in the trusted execution environment, generating a time service certificate comprising the trusted time, the root hash, and the digital signature, and generating a new data block in the blockchain ledger, comprising: receiving one or more data records, and determining a hash value of each data record, determining that a predetermined block forming condition is satisfied, determining that a sequence number of the new data block in the blockchain ledger is greater than 1, and generating the new data block in the blockchain ledger, the new data block comprising a hash value of the new data block, a block height of the new data block, the one or more data records, and a block forming time, wherein the hash value of the new data block is determined based on the hash values of the one or more data records and a hash value of an adjacent previous block in the blockchain ledger, and wherein the block height of the new data block is greater than respective block heights of previous data blocks in the blockchain ledger.
This invention relates to a computer-implemented system for securely authenticating time-based operations in a blockchain ledger. The system addresses the challenge of ensuring trustworthy time verification in decentralized ledgers, where accurate timestamping is critical for data integrity and auditability. The system uses a database server that stores data in a blockchain ledger to identify a target ledger segment for time service authentication. A Merkle tree is generated for this segment, based on the data blocks within it, and a root hash is computed from the block hashes of these data blocks. A trusted execution environment (TEE) is then used to obtain a verified time from a trusted time service organization. The system generates a digital signature for both the trusted time and the Merkle root hash within the TEE, ensuring the time's authenticity. A time service certificate is created, containing the trusted time, root hash, and digital signature. Additionally, the system generates a new data block in the blockchain ledger when certain conditions are met, such as the accumulation of new data records and the satisfaction of a block-forming condition. The new block includes hash values of the records, a block height incrementing from previous blocks, and a timestamp. The block's hash is derived from the records and the previous block's hash, ensuring cryptographic linkage. This approach enhances blockchain security by providing verifiable, tamper-proof time authentication for ledger segments.
14. The computer-implemented system of claim 13 , wherein the predetermined block forming condition comprises: a quantity of to-be-stored data records reaches a quantity threshold; or a time interval since the forming of the adjacent previous block reaches a time threshold.
This invention relates to a computer-implemented system for managing data storage, specifically addressing the challenge of efficiently organizing and storing data records in a structured manner. The system dynamically forms blocks of data records based on predefined conditions to optimize storage and retrieval processes. The system monitors the accumulation of data records and triggers the formation of a new block when either the number of records reaches a specified quantity threshold or a predefined time interval since the last block formation is exceeded. This ensures that data is grouped in a timely and structured way, improving storage efficiency and accessibility. The system may also include mechanisms to determine the optimal size or timing for block formation, ensuring adaptability to varying data input rates and storage requirements. By automating the block formation process, the system reduces manual intervention and enhances the reliability of data organization. The invention is particularly useful in environments where large volumes of data are generated and need to be stored in a structured format, such as databases, distributed ledgers, or data warehouses. The dynamic block formation conditions help balance between storage efficiency and performance, ensuring that data is stored in a way that minimizes fragmentation and maximizes retrieval speed.
15. The computer-implemented system of claim 13 , wherein determining the target ledger segment comprises: determining a new data block of the blockchain ledger as the target ledger segment; or determining, based on a starting block height and a block quantity comprised in an instruction of a user, the target ledger segment.
This invention relates to a computer-implemented system for managing blockchain ledgers, specifically addressing the challenge of efficiently identifying and accessing specific segments of a blockchain ledger for data processing or analysis. The system dynamically determines a target ledger segment within a blockchain ledger to facilitate operations such as data retrieval, validation, or updates. The determination process involves either selecting a newly generated data block as the target segment or identifying a segment based on user-specified parameters, such as a starting block height and a defined block quantity. This allows users to precisely target portions of the ledger for operations without manually traversing the entire blockchain, improving efficiency and reducing computational overhead. The system enhances blockchain usability by enabling flexible and targeted access to ledger data, which is particularly valuable in applications requiring real-time data processing or historical analysis. The invention ensures that ledger segments are accurately identified according to either real-time block generation or predefined user instructions, supporting scalable and adaptable blockchain management.
16. The computer-implemented system of claim 13 , wherein determining the target ledger segment comprises: selecting, as the target ledger segment, a newly generated ledger segment that satisfies a predetermined time service condition, wherein the predetermined time service condition comprises: a quantity of newly generated data blocks in the newly generated ledger segment reaches a quantity threshold, or a time interval since a previous time service authentication reaches a time threshold.
This invention relates to a computer-implemented system for managing distributed ledger segments, specifically addressing the challenge of efficiently determining when to authenticate or service a ledger segment based on dynamic conditions. The system selects a target ledger segment for time service authentication by evaluating newly generated ledger segments against predefined criteria. The selection process involves choosing a newly generated ledger segment that meets a time service condition, which can be triggered in two ways: either when the number of newly generated data blocks within the segment reaches a specified quantity threshold, or when the elapsed time since the last authentication exceeds a predefined time threshold. This ensures timely and efficient ledger maintenance without relying on fixed schedules, improving system adaptability and performance. The system dynamically adjusts to varying workloads and operational demands, optimizing resource usage while maintaining data integrity and consistency. The invention enhances distributed ledger management by automating the selection of segments for authentication based on real-time conditions, reducing manual intervention and improving scalability.
17. The computer-implemented system of claim 13 , wherein the trusted execution environment comprises INTEL SGX, AMD SEV, or ARM TrustZone.
A computer-implemented system enhances security for executing sensitive operations by utilizing a trusted execution environment (TEE) to isolate and protect data processing from unauthorized access. The system addresses vulnerabilities in traditional computing environments where sensitive operations, such as cryptographic computations or secure authentication, may be exposed to attacks like memory snooping or malicious software. The TEE provides a secure enclave where code and data are encrypted and protected from external interference, ensuring confidentiality and integrity. The system further includes a secure communication channel between the TEE and external components, allowing secure data exchange while maintaining isolation. The TEE can be implemented using hardware-based security technologies such as INTEL SGX, AMD SEV, or ARM TrustZone, which offer hardware-enforced isolation to prevent unauthorized access. The system may also include a verification mechanism to authenticate the integrity of the TEE before executing sensitive operations, ensuring that the environment has not been tampered with. This approach mitigates risks associated with software-based security measures, providing a robust defense against various attack vectors.
18. The computer-implemented system of claim 13 , wherein the operations further comprise: writing the root hash, the trusted time, and the digital signature into a specified data block in the target ledger segment.
The system relates to secure data recording in distributed ledger technology, addressing the need for tamper-proof verification of data integrity and timestamping. The invention involves a computer-implemented system that generates a root hash representing a set of data blocks, obtains a trusted time from a secure time source, and creates a digital signature using a private key to authenticate the root hash and timestamp. The system then writes these elements—the root hash, trusted time, and digital signature—into a specified data block within a target ledger segment. This ensures that the data block is cryptographically linked to the verified root hash and timestamp, preventing unauthorized modifications. The system may also include mechanisms for validating the digital signature using a corresponding public key and verifying the trusted time against the ledger segment's time constraints. The invention enhances the security and reliability of distributed ledger systems by providing a verifiable record of data integrity and timestamping, which is critical for applications requiring auditability and non-repudiation.
Unknown
September 15, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.